General
-
Target
d2796c2b9a7cc6ab3fddee626e8c3b7aae1b1b640e17a80d9b7ef7a3c17a1416
-
Size
4.2MB
-
Sample
240420-nngheafe78
-
MD5
9e5dda19cec5642bbba30d86beb37242
-
SHA1
69515a84159df9186bf7ebcfa4f8b645030b0858
-
SHA256
d2796c2b9a7cc6ab3fddee626e8c3b7aae1b1b640e17a80d9b7ef7a3c17a1416
-
SHA512
9f4b681ec768d08091c437d07386ee3b05d3044cb57823aa7218aa2db36fbb95cff09067943ff98831c982964c4da127d7c8dbd5768643a74795cc486bdc0c84
-
SSDEEP
98304:qExeyMsyixS5pRc4vIUtzCuveHCg7xBa+u+nR/:qMby0Sruak17xwW
Static task
static1
Behavioral task
behavioral1
Sample
d2796c2b9a7cc6ab3fddee626e8c3b7aae1b1b640e17a80d9b7ef7a3c17a1416.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Target
d2796c2b9a7cc6ab3fddee626e8c3b7aae1b1b640e17a80d9b7ef7a3c17a1416
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Create or Modify System Process
Windows Service
Scheduled Task/Job
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder
Create or Modify System Process
Windows Service
Scheduled Task/Job